November 15, 2012
Stolen Laptops Force NASA To Use Encryption
Enid Burns for redOrbit.com — Your Universe Online
Halloween was scary this year for NASA. A laptop and official NASA documents issued to a headquarters employee were stolen from the employee's locked vehicle on October 31. The agency issued a warning to all employees, and issued a lock down on all NASA-issued laptops until proper encryption software could be installed.
NASA is not allowing any agency-issued laptops to leave the premises until encryption protection is installed. The stolen laptop was password-protected, however some hackers might still be able to break the password and gain access to sensitive information from NASA, including data on all NASA employees, contractors and other files.
The agency issued a statement to its workers to warn of the breach in personally identifiable information (PII). NASA enlisted the services of data breach specialist ID Experts to investigate the extent of the data breach, and work with the agency to increase its security against future breaches.
This data breach has NASA concerned about each of its employees. ID Experts will contact affected employees by sending letters informing them that their sensitive PII was stored on the stolen laptop, and they could be impacted by the breach. "This notification also will provide them information on how to protect their identity using the fully managed services of ID Experts at no cost to the individual," read a statement issued by the Associate Deputy Administrator of NASA, Richard J. Keegan Jr.
Services to help employees protect their privacy include a call center and website, credit and identity monitoring, recovery services in cases of identity compromise, an insurance reimbursement policy, educational materials, and access to fraud resolution representatives.
Employees of NASA were also warned not to provide any information, should they be contacted by phone, email or other forms of communications. "NASA and ID Experts will not be contacting employees to ask for or confirm personal information. If you receive such a communication, please do not provide any personal information," the memo read.
Such contact to verify information could put the individual, but also NASA, at additional risk. Hackers who get hold of the stolen laptop could be after personal identity theft, but could also make attempts to get deeper into NASA's computer systems to compromise the agency further.
The October 31 incident is not the first time a laptop was stolen from a NASA employee. The agency admitted this past spring that in a two-year period at least 48 electronic devices were lost or stolen by agency employees. In March a laptop computer went missing. That laptop had files containing the codes for controlling the International Space Station.
An MSNBC news report at the time suggested that there may be more missing devices since reporting them is voluntary.
It is not uncommon for laptops and other electronics such as mobile phones, tablets and USB drives to be lost or stolen. When the laptop or other device happens to be from NASA or another government agency there is heightened concern that hackers will gain access to government files and systems.